Patent Grant
11354673
At least one embodiment of the present invention pertains to electronic commerce, and more particularly, to a technique for enhancing security of sensitive data during online transactions involving payment card accounts.
When purchasing goods or services online (e.g., via the Internet), a consumer may be given the option to pay by credit card or other type of payment card (e.g., debit card or gift card). To do so, after adding one or more items to his or her electronic shopping cart and requesting checkout, the consumer typically enters his or her payment card information into a web page generated by a shopping cart application of the merchant. Once the payment card information is entered, the consumer provides a confirmation input that indicates his or her commitment to the transaction and that causes his or her user device to submit payment information to the website of the merchant. The merchant's computer system then requests authorization of the card transaction through a financial system.
One problem with this payment paradigm is that it exposes sensitive information of the consumer, namely, the consumer's payment card information, to various third parties, where it may be vulnerable to misappropriation. For example, the payment card information may be inadvertently provided by the consumer to a wrongdoer posing as a legitimate online merchant. Additionally, merchants sometimes store the consumer's card information. Different merchants implement vastly differing degrees of data security, such that the consumer's card information may be vulnerable to unauthorized acquisition by hackers once it is in the possession of a merchant.
One or more embodiments of the present invention are illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements.
In the technique introduced here, credit card or other payment card information of a consumer (also called the “cardholder” or “user” herein) is protected during online payment card based transactions, by enabling a user device of the consumer to request and receive, during an online shopping session, temporary proxy payment card information from a third-party payment processing service (PPS), and by enabling the user device to populate that temporary proxy payment card information into an online transaction web interface of the merchant automatically. In some embodiments, this is accomplished by equipping a browser in the user device with a control that, when activated by the consumer, accesses the PPS to obtain the proxy card information populates that information into the online transaction web interface of the merchant automatically. The temporary proxy payment card information is associated in the third-party PPS with a real payment card account of the consumer. When the merchant requests authorization for the transaction with the proxy payment card information, the authorization request gets routed to the PPS via the payment card network, by virtue of the proxy card number, according to the normal authorization request routing process. The PPS then uses the consumer's real payment card information to authorize and fund the transaction.
Hence, the consumer's real payment card information is never exposed to the merchant or to any unauthorized third parties who penetrate the merchant's information systems. Additionally, this technique is completely transparent to the merchant and therefore requires no modifications to the merchant's e-commerce system.
Consider the following example scenario in which the technique can be applied. The PPS is a secure business enterprise and computer system that is highly trusted by the consumer. A consumer initially enrolls with the PPS by setting up an account with the PPS, which includes providing his or her real credit card information to the PPS. Enrollment with the PPS may be done via a website of the PPS, by telephone, electronic mail, standard mail, or any other convenient communication channel. The consumer further installs a software extension or plug-in associated with the PPS into a conventional web browser (e.g., Microsoft Internet Explorer, Mozilla Firefox or Google Chrome) in a user device used by the consumer. The user device may be, for example, a conventional personal computer (PC), such as a desktop computer or laptop computer, or it may be a smartphone, tablet computer, or any other known or convenient processing device.
The consumer later visits an electronic commerce (e-commerce) website of a merchant, which may be a merchant with whom the consumer is not familiar and in whom the consumer does not have a high level of trust. The consumer adds one or more items to his or her electronic shopping cart and requests checkout. The consumer then clicks a button to activate the PPS browser extension, by which the consumer can pay securely through the PPS. When activated, the extension accesses the PPS (which is implemented at least partially on one or more remote server computers) via a network such as the Internet, to obtain a dynamically generated credit card number, along with corresponding card type information, cardholder name, expiration date and card verification value (CVV); this information collectively is the temporary proxy payment card information (or simply proxy card information). The proxy card information can include a valid Visa or Mastercard number, for example, and may be issued by the PPS. Once received from the PPS, the PPS browser extension automatically populates the proxy card information into the merchant's website's checkout page (e.g., a web form). The PPS is subsequently contacted as the card issuer during the credit card payment authorization process.
Note that while the example of a credit card is used herein to facilitate description, the proxy card information can be associated in the PPS with any other type of real payment card, such as a debit card or a gift card, for example.
The PPS can maintain validity rules that limit the validity of the proxy card information, such as by time, merchant, transaction amount, number of transactions, or any other criteria. These rules may be specified or selected by the consumer (prior to the transaction), or they may be default rules provided by the PPS. The validity rules include at least one validity criterion, which can be or include, for example, a maximum individual or collective transaction amount and/or a maximum number of transactions for which the proxy card information can be used, particular merchant or category of merchant in which the proxy card information can be used, etc. The validity criterion further can be or include an expiration date and/or time for the proxy card information, which can be different from the expiration date of the consumer's real payment card. Furthermore, the expiration date/time of the proxy card information can also be different from the proxy expiration date provided to the merchant website, i.e., it can be earlier than or later than the proxy expiration date. In other words, the proxy card expiration date provided to the merchant may be a dummy expiration date that does not reflect the actual expiration date/time of the proxy card information or the expiration date of the consumer's real payment card information.
For example, the validity rules might specify that the proxy card information can be used only once, or only once per day, or only once per day per merchant, or only for specific merchants or categories of merchants, or only for up to $2,500 per month, or combination of such restrictions. From the merchant's perspective, the consumer is using a normal payment card number (and associated information). From the consumer's perspective, they just enter minimal PPS authentication information (e.g., username and password) once, or at most once per user session. From the PPS's perspective, they receive an authorization request through the proxy card information and then use the consumer's real card information on file to authorize and fund the transaction.
If the merchant is the target of a hacking attack directed to its stored card information, all they have of the consumer is a name and card information that has no value, because the information is single-use or very limited use, and the PPS can deactivate all proxy card numbers used at that merchant without having to the deactivate the backing payment cards.
Though not shown in
Referring now to
The PPS system 3 includes, for each consumer enrolled with the PPS, information 23 identifying the consumer and/or the consumer's user device (hereinafter “user/device information”), real payment card account information 24 of the consumer, and proxy payment card information 25 associated with the consumer. Additionally, the PPS system 3 includes a card information proxying unit 26 and a payment authorization unit 27. The card information proxying unit 26 is responsible for maintaining the association between the consumer's user/device information 23, real card account information 24 and proxy card account information 25, and for looking up and providing proxy card account information 25 to the user device 1 when required. The payment authorization unit 27 is responsible for determining whether to authorize requested payment card transactions, including applying stored validity rules 28 associated with the proxy card information 25.
In some embodiments, the PPS system 3 may associate a particular consumer with two or more different sets of proxy payment card accounts, all of which may be associated in the PPS system 3 with the same real payment card of the consumer or with two or more different real payment cards of the consumer. In such an embodiment, the particular proxy payment card information to be used for a given transaction can be selected using any of various techniques, such as by user selection on a per-transaction basis, based on selection rules or policies previously specified by the user, or based on default rules or policies. The real payment card or cards associated with a particular consumer in the PPS system 3 (and hence, with a particular set of proxy payment card information) can include one or more credit cards, debit cards, gift cards, or a combination thereof.
In operation, when the consumer activates a known browser control associated with the PPS plug-in 22, the PPS plug-in 22 sends information of the consumer to the PPS. In certain embodiments, the PPS plug-in first prompts the consumer to enter his or her identifying information to be used by the PPS to authenticate the consumer, such as a username and password. This information can be input one time and then stored locally in the user device for future use, or it may be input by the consumer for each online transaction or each user session. The user/device information may be sent to the PPS system 3 via any known or convenient network or internetwork, such as the Internet. When the user/device information is received by the PPS system 3, the card information proxying unit 26 uses the user/device information to look up the proxy card account information 25, which it then returns to the PPS plug-in 22. The PPS plug-in 22 then populates the received proxy card account information into the payment information user interface provided by the merchant's website 2, which may be a web form. The receipt of proxy card information and population of that information into the merchant's user interface normally happens within a few seconds (at most), of the consumer activating the PPS browser control. In an alternative embodiment, the proxy card information may simply be displayed to the user, who then manually copies that information into the merchant's payment information user interface.
When the user commits to the transaction by providing an appropriate confirmation input, the merchant e-commerce website 2 sends a transaction authorization request to its acquiring bank, which routes the request to the applicable card network (e.g., Visa or MasterCard) based on the proxy payment card number, which then routes the request to the PPS system 3. The payment authorization unit 27 in the PPS system 3 then uses the proxy payment card number in the request to look up the applicable validity rules or rules 28 associated with the proxy payment card information and determine whether the transaction request complies with them. If the request does not comply with any applicable validity rule(s) 28, the authorization request is denied. If the request does comply, then the payment authorization unit 27 looks up the real payment card information 24 of the consumer and uses that information to authorize the transaction, assuming the consumer's real payment card has not expired and has sufficient credit or funds remaining to cover the transaction amount.
In some embodiments, instead of implementing this technique with a browser extension on the client side, the PPS client-side functionality may be provided by a separate software application or dedicated PPS hardware device that operates in the consumer's user device 1. In that scenario, the PPS can publish an application programming interface (API) for other software vendors, to allow browsers and/or e-commerce software to invoke the PPS functionality. In that case, the user can easily switch back and forth between a browser or e-commerce application and the PPS client-side application/functionality, to request and receive proxy payment card information.
In response to user input 31, the user device 1 sends a proxy card information request 32 to the PPS system 3. The request may be sent using any known or convenient protocol(s), including, for example, Hypertext Transport Protocol Secure (HTTPS).
Note that in this description, any references to sending or transmitting a message, signal, etc. to another device (recipient device) means that the message is sent with the intention that it its information content ultimately be delivered to the recipient device; however, such references do not mean that the message must be sent directly to the recipient device. That is, unless stated otherwise, there can be one or more intermediary entities that receive and forward the message, signal, etc., either as is or in modified form, prior to its delivery to the recipient device. This clarification also applies to any references herein to receiving a message, signal, etc. from another device; i.e., direct point-to-point communication is not required unless so stated.
In response to the proxy card information request 32, the PPS system 3 generates or looks up the proxy payment card information for that user, and returns it to the user device in a proxy card information response 33. The PPS functionality in the user device 1 then automatically populates this information into the payment card information fields 46 (e.g., card type, card number, security code (CW), expiration date and name on card) in the merchant's payment information webpage 44. Alternatively, the consumer can manually copy that information into the merchant's payment information webpage 44. An example of the result of this operation is shown in
In certain embodiments, to provide additional fraud protection, the PPS system 3 can use a different proxy payment card number for each merchant or category of merchants. Additionally, or as an alternative, the PPS system 3 can generate different combinations of proxy CVVs and/or proxy expirations dates with the same proxy payment card number, and can use a different combination of such information for each merchant or category of merchant. The use of such combinations provides a greater number of unique permutations of proxy payment card information, thereby reducing the overall exposure to wrongdoers.
When the consumer is ready to commit to the transaction, he or she enters an appropriate user input 34 to the user device 1, for example, by clicking on a “Pay Now” button 47. This causes the user device 1 to send a conventional transaction confirmation message 35 (e.g., using HTTPS or other similar protocol) containing the proxy card information to the merchant's e-commerce website 2. The merchant's e-commerce website 2 then sends a transaction authorization request 36 to the financial system 4. The financial system 4 routes the request in the form of message 37 to the PPS system 3. The PPS system 3 determines whether to authorize the transaction in the manner described above, and sends an authorization response 38 (e.g. authorized or declined) to the financial system 4, which forwards the response in the form of message 39 to the merchant's e-commerce website 2. The merchant's e-commerce website 2 then sends an appropriate message 40 confirming or denying the transaction to the user device 1, which displays 41 the message to the consumer.
In the illustrated embodiment, the architecture 700 includes one or more processors 710, memory 711, one or more communication device(s) 712, one or more input/output (I/O) devices 713, and one or more mass storage devices 714, all coupled to each other through an interconnect 715. The interconnect 715 may be or include one or more conductive traces, buses, point-to-point connections, controllers, adapters and/or other conventional connection devices. The processor(s) 710 may be or include, for example, one or more general-purpose programmable microprocessors, digital signal processors (DSPs), microcontrollers, application specific integrated circuits (ASICs), programmable gate arrays, or the like, or a combination of such devices. The processor(s) 710 control the overall operation of the processing device 700.
Memory 711 may be or include one or more physical storage devices, which may be in the form of random access memory (RAM), read-only memory (ROM) (which may be erasable and programmable), flash memory, miniature hard disk drive, or other suitable type of storage device, or a combination of such devices. The mass storage device (s) 714 may be or include one or more hard drives, digital versatile disks (DVDs), flash memories, or the like. Memory 711 and/or mass storage 714 may store (individually or collectively) data and instructions that configure the processor(s) 710 to execute operations in accordance with the techniques described above. The communication devices 712 may be or include, for example, an Ethernet adapter, cable modem, Wi-Fi adapter, cellular transceiver, Bluetooth or Bluetooth Low Energy (BLE) transceiver, or the like, or a combination thereof. Depending on the specific nature and purpose of the processing device 700, the I/O devices 713 can include devices such as a display (which may be a touch screen display), audio speaker, keyboard, mouse or other pointing device, microphone, camera, etc. Note that these I/O devices may be unnecessary, however, if the processing device 700 is embodied solely as a server computer.
In the case of the user device 1, the communication devices 712 can be or include, for example, a cellular telecommunications transceiver (e.g., 3G or 4G/LTE), Wi-Fi transceiver, Bluetooth or BLE transceiver, or the like, or a combination thereof. In the case of the validation system 22, the communication devices 712 can be or include, for example, any of the aforementioned types of communication devices, a wired Ethernet adapter, cable modem, DSL modem, or the like, or a combination of such devices.
Unless contrary to physical possibility, it is envisioned that (i) the methods/steps described herein may be performed in any sequence and/or in any combination, and that (ii) the components of respective embodiments may be combined in any manner.
The machine-implemented operations described above can be implemented by programmable circuitry programmed/configured by software and/or firmware, or entirely by special-purpose circuitry, or by a combination of such forms. Such special-purpose circuitry (if any) can be in the form of, for example, one or more application-specific integrated circuits (ASICs), programmable logic devices (PLDs), field-programmable gate arrays (FPGAs), etc.
Software used to implement the techniques introduced here may be stored on a machine-readable storage medium and may be executed by one or more general-purpose or special-purpose programmable microprocessors. A “machine-readable medium”, as the term is used herein, includes any mechanism that can store information in a form accessible by a machine (a machine may be, for example, a computer, network device, cellular phone, personal digital assistant (PDA), manufacturing tool, any device with one or more processors, etc.). For example, a machine-accessible medium includes recordable/non-recordable media (e.g., read-only memory (ROM); random access memory (RAM); magnetic disk storage media; optical storage media; flash memory devices; etc.), etc.
Note that any and all of the embodiments described above can be combined with each other, except to the extent that it may be stated otherwise above or to the extent that any such embodiments might be mutually exclusive in function and/or structure.
Although the present invention has been described with reference to specific exemplary embodiments, it will be recognized that the invention is not limited to the embodiments described, but can be practiced with modification and alteration within the spirit and scope of the appended claims. Accordingly, the specification and drawings are to be regarded in an illustrative sense rather than a restrictive sense.
| Number | Name | Date | Kind |
|---|---|---|---|
| 2666655 | Wolowitz | Jan 1954 | A |
| 3217643 | Crissy et al. | Nov 1965 | A |
| 3601913 | Pollock et al. | Aug 1971 | A |
| 5221838 | Gutman et al. | Jun 1993 | A |
| D358419 | Runyan | May 1995 | S |
| D387802 | Finkelstein et al. | Dec 1997 | S |
| D406861 | Leedy, Jr. | Mar 1999 | S |
| D438563 | Webb et al. | Mar 2001 | S |
| D462714 | Creighton | Sep 2002 | S |
| 6601049 | Cooper | Jul 2003 | B1 |
| D486515 | True | Feb 2004 | S |
| 6694300 | Walker et al. | Feb 2004 | B1 |
| D498788 | Lubking | Nov 2004 | S |
| 7433499 | Kim | Oct 2008 | B2 |
| 7567936 | Peckover | Jul 2009 | B1 |
| 7593862 | Mankoff | Sep 2009 | B2 |
| 7693745 | Pomerantz et al. | Apr 2010 | B1 |
| D620975 | Skelding et al. | Aug 2010 | S |
| D622315 | Skelding et al. | Aug 2010 | S |
| D628236 | Skelding et al. | Nov 2010 | S |
| D635186 | Skelding et al. | Mar 2011 | S |
| D643062 | Skelding et al. | Aug 2011 | S |
| D665851 | Davis | Aug 2012 | S |
| 8577803 | Chatterjee et al. | Nov 2013 | B2 |
| 8700905 | Guenther | Apr 2014 | B2 |
| 9152973 | Warner et al. | Oct 2015 | B2 |
| 9390145 | Weiss et al. | Jul 2016 | B2 |
| D767024 | O'Shea et al. | Sep 2016 | S |
| 9741036 | Grassadonia et al. | Aug 2017 | B1 |
| 9805384 | Chauhan | Oct 2017 | B2 |
| 9836736 | Neale et al. | Dec 2017 | B1 |
| D813302 | Getachew et al. | Mar 2018 | S |
| 10032325 | Westen et al. | Jul 2018 | B1 |
| 10157397 | Walz | Dec 2018 | B2 |
| 20020046169 | Keresman | Apr 2002 | A1 |
| 20060206425 | Sharma | Sep 2006 | A1 |
| 20070022303 | Awatsu | Jan 2007 | A1 |
| 20080208688 | Byerley et al. | Aug 2008 | A1 |
| 20090299864 | Newbrough | Dec 2009 | A1 |
| 20100089998 | Sandstrom et al. | Apr 2010 | A1 |
| 20110099088 | Berrios | Apr 2011 | A1 |
| 20110306368 | McCarthy | Dec 2011 | A1 |
| 20120259768 | Mukherjee | Oct 2012 | A1 |
| 20120278189 | Goldberg et al. | Nov 2012 | A1 |
| 20120290449 | Mullen et al. | Nov 2012 | A1 |
| 20120296818 | Nuzzi et al. | Nov 2012 | A1 |
| 20130024361 | Choudhuri et al. | Jan 2013 | A1 |
| 20130024371 | Hariramani et al. | Jan 2013 | A1 |
| 20130166441 | Kobylkin et al. | Jun 2013 | A1 |
| 20130254284 | Dougherty | Sep 2013 | A1 |
| 20130346314 | Mogollon | Dec 2013 | A1 |
| 20140012701 | Wall et al. | Jan 2014 | A1 |
| 20140025461 | Knowles et al. | Jan 2014 | A1 |
| 20140122988 | Eigner | May 2014 | A1 |
| 20140249904 | Nelsen et al. | Sep 2014 | A1 |
| 20140249947 | Hicks et al. | Sep 2014 | A1 |
| 20150134468 | Dixon et al. | May 2015 | A1 |
| 20150170241 | Jacobsen | Jun 2015 | A1 |
| 20150278801 | Friedlander | Oct 2015 | A1 |
| 20150371219 | Ljujic | Dec 2015 | A1 |
| 20160063484 | Carpenter et al. | Mar 2016 | A1 |
| 20160275486 | Liu et al. | Sep 2016 | A1 |
| 20170154341 | Gilbertson | Jun 2017 | A1 |
| 20170372415 | He | Dec 2017 | A1 |
| 20180005231 | Grassadonia et al. | Jan 2018 | A1 |
| 20180096340 | Omojola et al. | Apr 2018 | A1 |
| 20180150823 | Omojola et al. | May 2018 | A1 |
| 20190034889 | Brock et al. | Jan 2019 | A1 |
| 20190172055 | Hale et al. | Jun 2019 | A1 |
| Number | Date | Country |
|---|---|---|
| 2007008686 | Jan 2007 | WO |
| 2016033165 | Mar 2016 | WO |
| 2018063809 | Apr 2018 | WO |
| Entry |
|---|
| Notice of Allowance dated May 31, 2018, for U.S. Appl. No. 15/679,968, of Grassadonia, B., et al., filed Aug. 17, 2017. |
| Non Final office Action dated Jun. 15, 2018, for U.S. Appl. No. 15/721,212, of Omojola, A., et al., filed Sep. 29, 2017. |
| Non Final office Action dated Jun. 27, 2018, for U.S. Appl. No. 15/965,792, of Jacoby, B , et al., filed Apr. 27, 2018. |
| Ex Parte Quale Action dated Sep. 19, 2018, for Design U.S. Appl. No. 29/586,095, of Omojola, A., et al., filed Nov. 30, 2016. |
| Non-Final Office Action dated Nov. 13, 2018, for U.S. Appl. No. 29/586,087, of Omojola, A., et al., filed Nov. 30, 2016. |
| Final Office Action dated Nov. 15, 2018, for U.S. Appl. No. 15/721,212, of Omojola, A., et al., filed Sep. 29, 2017. |
| Non-Final Office Action dated Mar. 7, 2019, for Design U.S. Appl. No. 29/586,095, of Omojola, A., at al., filed Nov. 30, 2016. |
| Non-Final Office Action dated Mar. 22, 2019, for U.S. Appl. No. 16/206,834, of Omojola, A., et al., filed Nov. 30, 2018. |
| Non-Final Office Action dated Sep. 15, 2016, of U.S. Appl. No. 15/199,457, for Grassadonia, B., el al., filed Jun. 30, 2016. |
| Notice of Allowance dated Apr. 21, 2017, of U.S. Appl. No. 15/199,457, for Grassadonia, B , et al., filed Jun. 30, 2016. |
| Non-Final Office Action dated Sep. 20, 2017, for U.S. Appl. No. 15/679,968, of Grassadonia, B., et al., filed Aug. 17, 2017. |
| Non-Final Office Action dated Dec. 8, 2017, for U.S. Appl. No. 15/382,132, of Westen, P., et al., filed Dec. 16, 2016. |
| Notice of Allowance dated Jan. 8, 2018, for U.S. Appl. No. 15/679,968, of Grassadonia, B., et al., filed Aug. 17, 2017. |
| Notice of Allowance dated Mar. 26, 2018, for U.S. Appl. No. 15/382,132, of Westen, P., et al., filed Dec. 16, 2016. |
| International Search Report and Written Opinion for International Application No. PCT/US2017/051468, dated Nov. 22, 2017. |
| Non-Final Office Action dated Jun. 27, 2019, for U.S. Appl. No. 15/282,759, of Omojola, A., et al., filed Sep. 30, 2016. |
| Final Office Action dated Aug. 22, 2019, for Design U.S. Appl. No. 29/586,087, of Omojola, A., et al., filed Nov. 30, 2016. |
| Final Office Action dated Aug. 22, 2019, for Design U.S. Appl. No. 29/586,095, of Omojola, A., et al., filed Nov. 30, 2016. |
| Non-Final Office Action dated Aug. 23, 2019, for U.S. Appl. No. 16/206,834, of Omojola, A., et al., filed Nov. 30, 2018. |
